漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
FileRise ONLYOFFICE integration allows read-only users to overwrite files via forged save callback
Vulnerability Description
FileRise is a self-hosted web file manager / WebDAV server. Prior to version 3.10.0, a broken access control issue in FileRise's ONLYOFFICE integration allows an authenticated user with read-only access to obtain a signed save callbackUrl for a file and then directly forge the ONLYOFFICE save callback to overwrite that file with attacker-controlled content. This issue has been patched in version 3.10.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Vulnerability Type
授权机制不正确
Vulnerability Title
FileRise 安全漏洞
Vulnerability Description
FileRise是Ryan个人开发者的一个轻量级、自托管的基于web的文件管理器。 FileRise 3.10.0之前版本存在安全漏洞,该漏洞源于ONLYOFFICE集成存在访问控制缺陷,可能导致具有只读访问权限的认证用户获取文件签名保存回调URL并伪造ONLYOFFICE保存回调以覆盖文件。
CVSS Information
N/A
Vulnerability Type
N/A